5787434b5d5dc3856b5aa4aae233450d8fd5ac74e13d35d2760e5397a5fd1672

Analysis

max time kernel
124s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 02:02

Target

5787434b5d5dc3856b5aa4aae233450d8fd5ac74e13d35d2760e5397a5fd1672.dll
Size

28KB
MD5

611240efbbe98f80ed7ec254fc244760
SHA1

2df1914d81399ec1cfd7716cd12c308df30ba3f6
SHA256

5787434b5d5dc3856b5aa4aae233450d8fd5ac74e13d35d2760e5397a5fd1672
SHA512

92c967d082593a78480d0921746de20a8149758b2e41c5e6d24bd572736f9ddecfc3789dd0403795dcf502ff8fa665e61a514ccd83f776e69da05e52fa4d5ae4
SSDEEP

384:OH2aBIxR8cDQGdhBcOdUOCkIFlIkiKKMGYZKeYa1ocORj8ozllU3AUGiWa:WaxRuG3BcOWxkIUPoZ9Ya1Xq8ozz39

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 4032	748	regsvr32.exe	83
PID 748 wrote to memory of 4032	748	regsvr32.exe	83
PID 748 wrote to memory of 4032	748	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5787434b5d5dc3856b5aa4aae233450d8fd5ac74e13d35d2760e5397a5fd1672.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5787434b5d5dc3856b5aa4aae233450d8fd5ac74e13d35d2760e5397a5fd1672.dll
  2⤵
  PID:4032

memory/4032-133-0x00000000007C0000-0x00000000007C5000-memory.dmp

Filesize
20KB

Download